
chore(deps): update ncipollo/release-action digest to 440c8c1 (#747) #2054


# Copyright © Michal Čihař <[email protected]>
#
# SPDX-License-Identifier: GPL-3.0-or-later
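# Builds the wlc container image (amd64 natively, arm64/arm-v7 under QEMU),
# smoke-tests and vulnerability-scans the amd64 image, and — only for tags or
# main in the upstream repository — publishes to Docker Hub and ghcr.io.
# Every third-party action is pinned to a commit SHA (version in the comment).
name: Docker Image CI
on:
  push:
    branches-ignore:
      - renovate/**
    tags:
      - '*'
  pull_request:

# Default GITHUB_TOKEN scope for every job. Jobs that need more opt in
# explicitly below (security-events for SARIF upload, packages for ghcr.io).
permissions:
  contents: read

jobs:
  # Native amd64 build. Populates the per-architecture layer cache that the
  # test, scan and publish jobs restore; the key is tied to the commit SHA,
  # so a cache entry is only ever shared between jobs of the same commit.
  build:
    runs-on: ubuntu-24.04
    name: Build, ${{ matrix.architecture }}
    strategy:
      matrix:
        architecture: [linux/amd64]
    env:
      MATRIX_ARCHITECTURE: ${{ matrix.architecture }}
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          # No visible step writes back to git, so keep GITHUB_TOKEN out of
          # .git/config. Assumes the .github/bin scripts need no git
          # credentials either — confirm if a build starts failing on fetch.
          persist-credentials: false
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
        with:
          # renovate: datasource=github-releases depName=docker/buildx
          version: v0.21.1
      - name: Cache Docker layers
        uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4
        id: cache
        with:
          path: /tmp/.buildx-cache/${{ matrix.architecture }}
          key: ${{ runner.os }}-buildx-${{ github.sha }}-${{ matrix.architecture }}
      - name: Configure Docker build
        run: .github/bin/get-buildx-args
      - name: Build the Docker image
        run: .github/bin/docker-build

  # Cross-architecture builds via QEMU. These images are cached for the
  # publish jobs but are neither smoke-tested nor scanned (only amd64 is).
  buildx:
    runs-on: ubuntu-24.04
    name: Build, ${{ matrix.architecture }}
    strategy:
      matrix:
        architecture:
          - linux/arm/v7
          - linux/arm64
    env:
      MATRIX_ARCHITECTURE: ${{ matrix.architecture }}
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - name: Set up QEMU
        uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0
        with:
          platforms: ${{ matrix.architecture }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
        with:
          # renovate: datasource=github-releases depName=docker/buildx
          version: v0.21.1
      - name: Cache Docker layers
        uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4
        id: cache
        with:
          path: /tmp/.buildx-cache/${{ matrix.architecture }}
          key: ${{ runner.os }}-buildx-${{ github.sha }}-${{ matrix.architecture }}
      - name: Configure Docker build
        run: .github/bin/get-buildx-args
      - name: Build the Docker image
        run: .github/bin/docker-build

  # Smoke test: rebuild amd64 from the layer cache, load it into the local
  # daemon as weblate/wlc:test and check that `wlc version` runs.
  test:
    runs-on: ubuntu-24.04
    name: Test, ${{ matrix.architecture }}
    needs: [build]
    strategy:
      matrix:
        architecture: [linux/amd64]
    env:
      MATRIX_ARCHITECTURE: ${{ matrix.architecture }}
      COMPOSE_PROJECT_NAME: wl
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
        with:
          # renovate: datasource=github-releases depName=docker/buildx
          version: v0.21.1
      - name: Cache Docker layers
        uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4
        id: cache
        with:
          path: /tmp/.buildx-cache/${{ matrix.architecture }}
          key: ${{ runner.os }}-buildx-${{ github.sha }}-${{ matrix.architecture }}
      - name: Build the Docker image
        run: .github/bin/docker-build load
      - name: List Docker images
        run: docker image ls --all
      - name: Test the Docker image
        run: docker run --rm weblate/wlc:test version | grep "version"

  # Grype (Anchore) scan of the amd64 image, reported to the Security tab.
  # NOTE: `fail-build: false` makes this scan advisory — findings never fail
  # the job, so the `needs: anchore` in the publish jobs only orders them;
  # it does not gate publishing on scan results.
  anchore:
    runs-on: ubuntu-24.04
    name: Anchore Container Scan, ${{ matrix.architecture }}
    needs:
      - build
    permissions:
      security-events: write
    strategy:
      matrix:
        architecture: [linux/amd64]
    env:
      MATRIX_ARCHITECTURE: ${{ matrix.architecture }}
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
        with:
          # renovate: datasource=github-releases depName=docker/buildx
          version: v0.21.1
      - name: Cache Docker layers
        uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4
        id: cache
        with:
          path: /tmp/.buildx-cache/${{ matrix.architecture }}
          key: ${{ runner.os }}-buildx-${{ github.sha }}-${{ matrix.architecture }}
      - name: Build the Docker image
        run: .github/bin/docker-build load
      - name: List Docker images
        run: docker image ls --all
      - name: Checkout the code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - name: Anchore scan action
        uses: anchore/scan-action@7c05671ae9be166aeb155bad2d7df9121823df32 # v6
        id: scan
        with:
          image: weblate/wlc:test
          fail-build: false
          severity-cutoff: high
      - name: Upload Anchore Scan Report
        uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3
        with:
          sarif_file: ${{ steps.scan.outputs.sarif }}
      - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4
        with:
          name: Anchore scan SARIF
          path: ${{ steps.scan.outputs.sarif }}

  # Trivy scan of the amd64 image, reported to the Security tab.
  # NOTE: no `exit-code` is set, so at the action's default the job passes
  # regardless of findings; as with anchore, `needs: trivy` downstream only
  # orders the publish jobs and does not gate them on results.
  trivy:
    runs-on: ubuntu-24.04
    name: Trivy Container Scan, ${{ matrix.architecture }}
    needs:
      - build
    permissions:
      security-events: write
    strategy:
      matrix:
        architecture: [linux/amd64]
    env:
      MATRIX_ARCHITECTURE: ${{ matrix.architecture }}
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
        with:
          # renovate: datasource=github-releases depName=docker/buildx
          version: v0.21.1
      - name: Cache Docker layers
        uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4
        id: cache
        with:
          path: /tmp/.buildx-cache/${{ matrix.architecture }}
          key: ${{ runner.os }}-buildx-${{ github.sha }}-${{ matrix.architecture }}
      - name: Build the Docker image
        run: .github/bin/docker-build load
      - name: List Docker images
        run: docker image ls --all
      - name: Checkout the code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # 0.29.0
        with:
          image-ref: weblate/wlc:test
          format: template
          template: '@/contrib/sarif.tpl'
          output: trivy-results.sarif
          severity: CRITICAL,HIGH
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3
        with:
          sarif_file: trivy-results.sarif
      - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4
        with:
          name: Trivy scan SARIF
          path: trivy-results.sarif

  # Publish to Docker Hub. Runs only for tag pushes or main, and only in the
  # upstream repository, so forks and pull requests never reach the secrets.
  push_dockerhub:
    runs-on: ubuntu-24.04
    name: Publish to Docker Hub
    needs:
      - test
      - buildx
      - anchore
      - trivy
    if: ${{ (startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main')) && github.repository == 'WeblateOrg/wlc' }}
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - name: Set up QEMU
        uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0
        with:
          platforms: all
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
        with:
          # renovate: datasource=github-releases depName=docker/buildx
          version: v0.21.1
      - name: Cache Docker layers
        uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4
        id: cache-arm64
        with:
          path: /tmp/.buildx-cache/linux/arm64
          key: ${{ runner.os }}-buildx-${{ github.sha }}-linux/arm64
      - name: Cache Docker layers
        uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4
        id: cache-arm-v7
        with:
          path: /tmp/.buildx-cache/linux/arm/v7
          key: ${{ runner.os }}-buildx-${{ github.sha }}-linux/arm/v7
      - name: Cache Docker layers
        uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4
        id: cache-amd64
        with:
          path: /tmp/.buildx-cache/linux/amd64
          key: ${{ runner.os }}-buildx-${{ github.sha }}-linux/amd64
      # Same pinned login action as the ghcr.io job below, instead of piping
      # the token through a shell `run` step: the secret is never expanded
      # into a generated script, and the action's post-job step (logout is
      # its default) removes the stored credential when the job ends.
      - name: DockerHub login
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
      - name: Configure Docker build
        run: .github/bin/get-buildx-args publish
      - name: Publish the Docker images
        run: .github/bin/docker-build publish

  # Publish to GitHub Container Registry with the job-scoped GITHUB_TOKEN
  # (packages: write added only here). Same tag/main/upstream guard as above.
  push_github:
    runs-on: ubuntu-24.04
    name: Publish to GitHub
    permissions:
      packages: write
    needs:
      - test
      - buildx
      - anchore
      - trivy
    if: ${{ (startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main')) && github.repository == 'WeblateOrg/wlc' }}
    env:
      DOCKER_IMAGE: ghcr.io/weblateorg/wlc
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - name: Set up QEMU
        uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0
        with:
          platforms: all
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
        with:
          # renovate: datasource=github-releases depName=docker/buildx
          version: v0.21.1
      - name: Cache Docker layers
        uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4
        id: cache-arm64
        with:
          path: /tmp/.buildx-cache/linux/arm64
          key: ${{ runner.os }}-buildx-${{ github.sha }}-linux/arm64
      - name: Cache Docker layers
        uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4
        id: cache-arm-v7
        with:
          path: /tmp/.buildx-cache/linux/arm/v7
          key: ${{ runner.os }}-buildx-${{ github.sha }}-linux/arm/v7
      - name: Cache Docker layers
        uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4
        id: cache-amd64
        with:
          path: /tmp/.buildx-cache/linux/amd64
          key: ${{ runner.os }}-buildx-${{ github.sha }}-linux/amd64
      - name: Login to GitHub Container Registry
        # Belt-and-braces: the job-level `if` already excludes pull requests.
        if: ${{ github.event_name != 'pull_request'}}
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Configure Docker build
        run: .github/bin/get-buildx-args publish
      - name: Publish the Docker images
        run: .github/bin/docker-build publish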